Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Directory (http://www.linux-archive.org/fedora-directory/)
-   -   DS ACLs - still (http://www.linux-archive.org/fedora-directory/641604-ds-acls-still.html)

Karoly Czovek 03-06-2012 05:24 PM
DS ACLs - still
 
Hi there,
i faced into the following problem:
installed one instance of 389ds to our DR site.Imported the databasesSet up SSL*Removed the anonymous read ACLsRestarted the dirsrv
Replication is not set up.
and I stil can pull the whole db, with a simple
ldapsearch -x -LLL -h ds-drb -b "dc=foo,dc=bar"
389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64389-admin-1.1.25-1.el6.x86_64389-admin-console-doc-1.1.8-1.el6.noarch389-console-1.1.7-1.el6.noarch389-ds-base-1.2.9.14-1.el6_2.2.x86_64389-admin-console-1.1.8-1.el6.noarch389-ds-console-doc-1.2.6-1.el6.noarch389-dsgw-1.1.7-2.el6.x86_64389-adminutil-1.1.14-2.el6.x86_64389-ds-console-1.2.6-1.el6.noarch389-ds-1.2.2-1.el6.noarch
Any idea?

--
Karoly CZOVEK
Senior Systems Administrator
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Jim Finn 03-06-2012 05:31 PM
DS ACLs - still
 
Have you set the following?
dn: cn=config
nsslapd-allow-anonymous-access: off

http://directory.fedoraproject.org/wiki/Anonymous_Access_Switch


Jim Finn

On Tue, Mar 6, 2012 at 12:24 PM, Karoly Czovek <karoly.czovek@moveoneinc.com> wrote:

Hi there,
i faced into the following problem:
installed one instance of 389ds to our DR site.Imported the databasesSet up SSL*
Removed the anonymous read ACLsRestarted the dirsrv
Replication is not set up.
and I stil can pull the whole db, with a simple
ldapsearch -x -LLL -h ds-drb -b "dc=foo,dc=bar"

389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64389-admin-1.1.25-1.el6.x86_64389-admin-console-doc-1.1.8-1.el6.noarch389-console-1.1.7-1.el6.noarch389-ds-base-1.2.9.14-1.el6_2.2.x86_64
389-admin-console-1.1.8-1.el6.noarch389-ds-console-doc-1.2.6-1.el6.noarch389-dsgw-1.1.7-2.el6.x86_64389-adminutil-1.1.14-2.el6.x86_64389-ds-console-1.2.6-1.el6.noarch
389-ds-1.2.2-1.el6.noarch
Any idea?


--
Karoly CZOVEK
Senior Systems Administrator

--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


All times are GMT. The time now is 11:49 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.